Can HA and IOT devices just live on a guest network or vlan?

I’m trying to get a new router so wondering if this is an option. My old router did not support anything and I could never get my Google Home speakers working on guest network.
Should I even try to look for these features in a new router, or is it futile trying to get any security working along with localtuya etc.?

Yes. Depending on your network equipment and your capabilities.

The point with “guest-network” is that the devices there don’t see your LAN and your devices there; in most guest networks, even the guests don’t see each other, meaning, if you have your phone AND your GH-Speaker on the guest-net, they don’t see each other, and most of all can’t communicate with your device on your LAN.
Don’t bother looking for these “features” when buying a NEW router … it’s basics, unless you find a VERY basic cheap old router.
Google is your best friend if you need to understand LAN/WIFI/Guest network, and your router’s manual.
PS: Most new routers support several WIFI-nets, guest-networks, VLANs etc.

Does using a vlan mean I’m not accessing it locally now, but via the cloud each time I go to the webcams, or other stuff like that? Google Home speakers just never worked at all.

First, your Google home speakers should work. They should not be on a guest network. Move them to your main network to verify they work as intended.

VLANS are Virtual Local Area Networks - it’s all local to your router and network (no “cloud”). And your router / network gear (switches, wifi, etc.) must be able to support VLANS. Search for “VLAN primer” to get a better explanation of what they are and why you would use them (you don’t have to use them).

Don’t get a new router without understanding what your requirements are and how you want to use a router. It is not trivial to manage network segmentation (VLANS) and firewall rules (access within and between network segments).

Do your research, read as much as you can, then seek advice.

1 Like

Google home speakers do NOT work on guest-network. They have always needed the main network.

I had other IOT on guest-network before. But they can’t talk to my phone on the main network. So I assume they went via cloud. Some webcams worked, others needed the main network.

I saw VLAN doesn’t seem to help with this w/o complex firewall rules set up. The only benefit vs guest-network is maybe they can see each other. I’m not sure if it’s worth the effort/issues.

This was all way before I used HA. Hence my question.

Why does everyone always assume I haven’t read anything? It’s exactly because I read how localtuya supposedly works that I don’t see how it can work with guest-network or vlan.

ANY device that works will work in either a guest-network, VLAN, or “ordinary” LAN.
YES, HA and IOT devices can “live” on ANY network, and they can talk to each other … IF you know what you are doing.

Above is the basic fact, like you can drive down a one-way road in the wrong direction (not recommended) …

PS: Just install your HA and your IOT device on your main-network, and forget all about VLAN and Guest-network … if you eventually learn more about network, and guest/vlan in common, then you can consider spending time/effort in another “setup” …

1 Like

A new router won’t solve that issue.

What is the name/version of your router ?

No, the router is broken so I need a new one anyway. I’m just looking at what to go for since I want this to last a while.

I’m very sorry. I did not mean to imply that you did not read anything. I assumed that you did not know that it is possible for IoT devices, any IoT devices, to work on VLANS if configured properly (and you have a router and network equipment that supports doing this).

I run a segmented, multi VLAN home network (I have my WAN connection; LAN, Secure, IoT, and Guest VLANS). My Google home speakers are on IoT and devices on my Secure network can get to the Google home speakers because I have a router (pfSense) with the Avahi package that can bridge mDNS packets. And I have firewall rules that allow my Secure devices to get to IoT but not the other way around. Guests can only get out to the WAN but they get the benefit of my enhanced security and ad blocking services.

I have VLANS for very specific control. IoT devices can’t get to the internet unless I allow it. Some IoT devices hard code stupid stuff like specific NTP servers (I redirect this to my NTP services). Other IoT devices insist on contacting sketchy servers (phoning home) to report stuff that I don’t want them to report, so I block that. Etc. etc.

So, back to your original question:

That’s up to you. The router and network equipment I use gives me the flexibility to manage network security that is well beyond a typical consumer grade router. It’s also more difficult to set up and manage. And I would have no problem getting it to work with localtuya or anything else.

Yup, it’s device / protocol dependent and how the router rules work.

It can work on a separate VLAN if the router has the functionality and the rules are configured properly.

3 Likes
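The one-way policy described in the post above (Secure may open connections to IoT, IoT may not open connections to Secure, guests only reach the WAN, IoT gets no internet unless allowed), modelled as a small stateful packet filter. This is an added example, not part of the original thread and not pfSense configuration; the subnets, addresses and ports are constructed.

```python
import ipaddress

# Constructed subnets; the post names the segments but not their addressing.
ZONES = {
    "secure": ipaddress.ip_network("10.0.10.0/24"),
    "iot":    ipaddress.ip_network("10.0.20.0/24"),
    "guest":  ipaddress.ip_network("10.0.30.0/24"),
}

# (source zone, destination zone) pairs allowed to OPEN a connection.
# Anything not listed is dropped (default deny).
ALLOW_NEW = {
    ("secure", "iot"),   # Secure devices may reach IoT devices
    ("secure", "wan"),
    ("guest", "wan"),    # guests only get out to the WAN
}

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"  # everything outside the local segments

class Firewall:
    def __init__(self):
        self.established = set()  # flows opened by an allowed packet

    def handle(self, src, sport, dst, dport):
        """Return 'pass' or 'block' for one packet."""
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if flow in self.established or reverse in self.established:
            return "pass"  # reply or continuation of a tracked flow
        if (zone_of(src), zone_of(dst)) in ALLOW_NEW:
            self.established.add(flow)
            return "pass"
        return "block"

def demo():
    fw = Firewall()
    phone, nas = "10.0.10.5", "10.0.10.9"        # Secure (constructed)
    speaker, cam = "10.0.20.7", "10.0.20.8"      # IoT (constructed)
    guest, internet = "10.0.30.4", "203.0.113.10"
    return [
        fw.handle(phone, 40000, speaker, 8009),  # Secure opens to IoT
        fw.handle(speaker, 8009, phone, 40000),  # IoT reply on that flow
        fw.handle(cam, 50000, nas, 445),         # IoT opens to Secure
        fw.handle(cam, 50001, internet, 443),    # IoT to internet
        fw.handle(guest, 50002, nas, 445),       # guest to Secure
        fw.handle(guest, 50003, internet, 443),  # guest to WAN
    ]
```

The second packet passes only because the phone opened the flow first; the same camera-to-NAS direction that worries the original poster is blocked because no rule lets IoT start a connection.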

OK to start when the new router arrives, I’ll set up the same wifi name as before so everything just works. The new one will have VLAN functionality, but I’m not sure if it’s worth the trouble. It sounds non trivial. I get the concept of multi VLAN, but the setting up of many rules might be overwhelming.

I just don’t like that my Xiaomi webcams (known to be hackable) can access my NAS, for example. Some stuff maybe I can dump on a guest nw, but I hoped I could set up something that is better than nothing like now.

Thanks for the explanation of your setup.

It sounds like it probably isn’t something that should be attempted unless you have a heap of time and a bit more networking knowledge.

Perhaps I would just throw all the webcams on the guest network since they cannot be controlled via HA anyway.

I will leave the rest on the main network.

Do you have a guide to how to set up network like you have done?

I don’t have a guide per se. Since I use a pfSense appliance (from Netgate) and Unifi networking gear, I watched pfsense tutorials from Lawrence Systems and read the pfSense documentation to configure my network.

Hi,

I have a similar configuration as @MaxK and it’s not simple but more secure.
With the network skills you seem to have, I would not recommend splitting into VLANS.
You can do that later if you want.

Tim

I got an Asus RT-AX86U which has an IoT network. I added all of them there; they still live on the main LAN 192.168.1.x but supposedly have some restrictions on internet? Not very clear.

The Asus router you picked seems to do some deep inspection of traffic on the IoT devices you configured.
As IoT devices are (still) less secured, it is a good intermediate way to be safe.

I’m still convinced the IoT devices should be separated, but unfortunately, unless you take the time to get the skills, you’ll have to rely on the router and keep your firmware up to date.

Edit: This thread also speaks about what’s needed between networks. It is something you may want to try.

Enjoy !

Tim

Perhaps a MikroTik router is a possible alternative?
They are very affordable and fully programmable.
VLAN, IoT and guest networks can be linked together without any problem and, of course, secured.